Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Vulnerability Keyword

Date Range

Severity

Format

Upgrade Package

Data export is locked. Upgrade your package to enable filtering and downloading.

← Back to CVE List

CVE-2026-44668NVD

Description

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke() without checking for a valid session. Four action methods in BoilerPlateConfig perform no local session check either, allowing an unauthenticated attacker to read, overwrite, deactivate, and permanently delete any boilerplate template in the system. This vulnerability is fixed in 1.8.3.

Severity Level

CRITICAL (9.8)

Published Date

26/05/2026

Last Modified

26/05/2026

Exploitation Status

UNKNOWN

References

https://github.com/factionsecurity/faction/releases/tag/1.8.3
https://github.com/factionsecurity/faction/security/advisories/GHSA-7cv6-h22r-2qf2